On March 27 and 28, 2019, Paula presented Briefings and Arsenal sessions at Black Hat Asia 2019 in Singapore. CQURE Team has written over 200 hacking tools during penetration testing. They decided to choose the top 39 tools and pack them in a toolkit called CQTools.
This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, various keyloggers and leverage this information to deliver attacks.
Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team; some of the tools took years to complete, and all of the tools work in a straightforward manner. CQTools is the ultimate toolkit to have when delivering a penetration test. The tools work simply, and we use them in practice during our cybersecurity assignments.
Also read: Complete Penetration Testing & Hacking Tools List
About CQURE
CQURE is a provider of specialized services in IT infrastructure security, business applications, consulting and advisory services. CQURE providesthe following services:high quality penetration tests with useful reports, configuration reviews, incident response emergency services, security architecture and design advisory, forensics investigation, security trainings and awarenessfor management and employees.
CQURE was the first team that did full reverse engineering of DPAPI (Data Protection Application Programming Interface) and prepared the first public tool that allows monitoring WSL (Windows Subsystem for Linux) feature.
Tools included (view whitepaper for full list of tools and usage)
CQWSLMon.exe – Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux binary executables (in ELF format) natively on Windows 10 and Windows Server 2019.
CQRegKeyLastWriteTime.exe – Allows to extract information about the datetime when the Registry Key was modified for the last time.
CQNTDSDTDecrypter.exe – Decrypts ntds.ditfileby providing appropriate Bootkey, extractspassword hashes, KDS master root keys
CQDPAPIBlobDecrypter.exe – Decrypts Blob with DPAPI.
CQDPAPIBlobSearcher.exe – Search for DPAPI blobs inside a file.
CQDPAPIEncDec.exe – Encryptsand decryptstext using DPAPI.
CQDPAPIKeePassDBDecryptor.exe – Allows to decrypt KeePass database by using DPAPI data that is possessed from the domain.
CQETWKeylogger.exe – Keylogger based on ETW(Event Tracing for Windows).It only uses features built in Windows system, so noadditional software is needed to perform the attack.
CQImpersonate.exe – This tool allows to run a command in the context of any of the authenticated users from your system. This tool requires to be run in the LOCAL_SYSTEM context
CQRegTool.exe – Registry analyzer.
View full list and usage of tools here
Also read: Complete Penetration Testing & Hacking Tools List
Conclusion
CQTools provide not only features that could be used for exploitation, but also,they provide information that could be useful for security researchers such as information extracted from DPAPI or WSL (Windows Subsystem for Linux) and other information regarding Windows internals. CQTools is a useful toolkit for both delivering a penetration test and security research.
Paula’s BlackHat ASIA presentation can be found below.
Previous
Next
